package org.truenewx.tnxjeex.fss.service.storage.aws;

import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.securitytoken.model.Credentials;

/**
 * 亚马逊云STS临时角色扮演者
 *
 * @author jianglei
 */
public class AwsStsRoleAssumer {

    private int durationSeconds = 60 * 15; // 允许的最小时间
    private AwsAccount account;

    public AwsStsRoleAssumer(AwsAccount account) {
        this.account = account;
    }

    public void setDurationSeconds(int durationSeconds) {
        this.durationSeconds = durationSeconds;
    }

    public Credentials assumeRole(String policyDocument) {
        AssumeRoleRequest request = new AssumeRoleRequest();
        request.setPolicy(policyDocument);
        request.setDurationSeconds(this.durationSeconds);
        AssumeRoleResult result = this.account.getStsClient().assumeRole(request);
        return result.getCredentials();
    }

}
